Re: Programmatically installing Client Root Certificates

From: Sergio Dutra [MS] (sergio_at_online.microsoft.com)
Date: 07/09/04

    Date: Fri, 9 Jul 2004 08:37:16 -0700
    
    

    You install root certificates into the "root" store. "root" is the name you
    pass in to CertOpenStore, then use CertAddCertificateContextToStore to add
    the certificate to the root store.

    Note that certificates in the root store must be self-signed. Also, the user
    will get a dialog prompting for acceptance or rejection of the certificate
    prior to it being installed. If the user rejects the certificate, it will
    not be added to the root store.

    -- 
    This posting is provided "AS IS" with no warranties, and confers no rights.
    Use of included script samples are subject to the terms specified at
    http://www.microsoft.com/info/cpyright.htm
    "kr" <kr@discussions.microsoft.com> wrote in message 
    news:EE1020F2-5C09-4233-B816-7CC33654F936@microsoft.com...
    >I have come across some CertXYZ API that I thought could be used to 
    >install CA Root Certificates on the client machine.
    >
    > Assuming that these are the correct API for this purpose...
    >
    > what would be the correct certificate store that should be used to store 
    > the root certificates? I have tried some sample code to enumerate 
    > installed certs for store "CA" but I have noticed a bunch of store names 
    > including "root" when I enumerated stores.
    >
    > I am assuming that once installed, this can be used to create the 
    > CERT_CONTEXT to be passed in to the InternetSetOption to set the client 
    > certificate. Perhaps the cert does not need to be installed but can simply 
    > be used in the above mentioned API for SSL communication?
    >
    > Regardless, any pointers to some sample code to install root certificate/ 
    > certificate chain would be greatly appreciated.
    >
    > Thanks for the help... 
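
The steps described in the reply above, as an added C example that is not code from the original thread: it opens the "Root" store with CertOpenStore, confirms the certificate is self-signed, and adds it with CertAddCertificateContextToStore. The helper name install_root_cert, its return codes, and the use of the current-user store location are assumptions made for this example.

```c
/* Added example: add a DER-encoded certificate to the current user's
   "Root" store with CryptoAPI. install_root_cert is a hypothetical name. */
#include <stddef.h>
#ifdef _WIN32
#include <windows.h>
#include <wincrypt.h>
#pragma comment(lib, "crypt32.lib")
#endif

/* Returns 0 on success, negative on failure:
   -1 not built for Windows, -2 input is not a parsable certificate,
   -3 not self-signed, -4 store could not be opened,
   -5 add failed (already present, or the user rejected the prompt). */
int install_root_cert(const unsigned char *der, size_t der_len)
{
#ifndef _WIN32
    (void)der; (void)der_len;
    return -1;
#else
    int rc = 0;
    HCERTSTORE store = NULL;
    PCCERT_CONTEXT cert = CertCreateCertificateContext(
        X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, der, (DWORD)der_len);
    if (!cert) return -2;

    /* Root store entries must be self-signed: issuer equals subject and
       the signature verifies under the certificate's own public key. */
    if (!CertCompareCertificateName(X509_ASN_ENCODING,
            &cert->pCertInfo->Issuer, &cert->pCertInfo->Subject) ||
        !CryptVerifyCertificateSignatureEx(0, X509_ASN_ENCODING,
            CRYPT_VERIFY_CERT_SIGN_SUBJECT_CERT, (void *)cert,
            CRYPT_VERIFY_CERT_SIGN_ISSUER_CERT, (void *)cert, 0, NULL)) {
        rc = -3; goto done;
    }
    /* "Root" is the store name passed to CertOpenStore. */
    store = CertOpenStore(CERT_STORE_PROV_SYSTEM_A, 0, 0,
                          CERT_SYSTEM_STORE_CURRENT_USER, "Root");
    if (!store) { rc = -4; goto done; }
    /* CERT_STORE_ADD_NEW refuses to replace an existing entry. */
    if (!CertAddCertificateContextToStore(store, cert,
                                          CERT_STORE_ADD_NEW, NULL))
        rc = -5;
done:
    if (store) CertCloseStore(store, 0);
    CertFreeCertificateContext(cert);
    return rc;
#endif
}
```

Treat a nonzero return as "not trusted" and do not retry silently: the confirmation dialog mentioned in the reply is the user's chance to refuse a new trust anchor.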
    
